
audit(4): Syscalls dealing with file access via file-handles
Closed, Public

Authored by aniketp on Jun 14 2018, 4:54 AM.

Details

Summary

The following change introduces 3 system calls dealing with retrieving file information
with the help of file handles. The system calls are categorized as audit events
within the file-attribute-access audit class.

List of system calls:

  • fhopen(2)
  • fhstat(2)
  • fhstatfs(2)

Test Plan

Execute make && make install from test/sys/audit.
Execute kyua test from /usr/tests/sys/audit. All testcases should succeed.

Diff Detail

Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 17260
Build 17100: arc lint + arc unit

Event Timeline

asomers requested changes to this revision. Jun 14 2018, 1:30 PM
asomers added inline comments.
tests/sys/audit/file-attribute-access.c
389

Do you have a test for getfh itself anywhere?

417

This is a read from uninitialized memory, and isn't guaranteed to fail. Better would be to deliberately construct an invalid fhandle_t. However, I don't see any obvious way to do that. So a better test might be to call fhopen with a valid fhandle_t, but make it fail for some other reason. For example, the man page says it will fail if O_CREAT is set.

468

Another read from uninitialized memory here.

519

And here.

This revision now requires changes to proceed. Jun 14 2018, 1:30 PM
tests/sys/audit/file-attribute-access.c
389

Yes @asomers, I have tested getfh(2), which is weirdly audited as nfs_getfh(2), and that too in the administrative audit class.
Here is the test for nfs_getfh(2): https://github.com/aniketp/AuditTestSuite/blob/master/audit/administrative.c#L157

Replace uninitialized buffers with NULL for the failure cases

You also need to update Makefile.

@asomers, I'm adding these tests on top of already existing tests in file-attribute-access. Why would updating the Makefile be necessary here?

Oh, I see the real problem now. Your last submission accidentally disabled these tests: https://reviews.freebsd.org/D15795#inline-96266 .

This revision is now accepted and ready to land. Jun 14 2018, 3:02 PM
This revision was automatically updated to reflect the committed changes.